NVD disclosure day

Published threat advisories for June 25, 2024

CVE advisoryKnown Exploit

CVE-2024-4885

Progress WhatsUp Gold Unauthenticated Remote Code Execution.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in Progress WhatsUp Gold could enable an unauthenticated attacker to execute commands on affected systems. This presents a significant risk of unauthorized access and control over critical infrastructure, potentially leading to system compromise. Organizations are advised to apply vendor updates.

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2024-37085

VMware ESXi Authentication Bypass Vulnerability.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

VMware ESXi systems integrating with Active Directory are susceptible to an authentication bypass, allowing a threat actor with specific AD permissions to gain full host access by recreating a deleted administrator group. This poses a business risk of unauthorized access and control over critical infrastructure.

NVD published: • CISA KEV